Consumer security at risk as FCA announces delay to PSD2 strong authentication deadline 

Today, the UK’s Financial Conduct Authority (FCA) has confirmed an 18-month delay to the introduction of Secure Customer Authentication (SCA) rules – one of the most important legislations affecting the financial sector – in a bid to give firms more time to prepare.

As part of the PSD2 directive, the requirement stipulates stronger payment security standards for higher value transactions based on multifactor authentication, increasing the security of electronic payments. In our increasingly digitalised world and with the explosion in cybercrime, identity theft and fraud, online payments must look to set a standard that meets the expectations of the consumer. According to data published by the FCA, reports of cyber incidents at financial services firms increased 1,000 per cent in 2018, and this figure is only expected to rise with the growth in mobile payments.[1]

Despite fraud losses on UK-issued cards increasing 19% to £671.4 million last year,[2] the FCA has bowed to pressure applied by the financial services community in extending the deadline. Jason Tooley, Chief Revenue Officer at Veridium, highlights the unacceptable length of the delay and the misalignment of expectations when consumers are entitled to enhanced, secure digital experiences. In response, more and more organisations daily are turning to a strategy of mobile and biometric based authentication in order to help support the required regulatory compliance.

Jason Tooley comments: “It is disappointing to see such resistance from the financial services sector towards integrating StrongCustomer Authentication into its services. Financial institutions and payment service providers have had nearly two years to prepare since the initial announcement, and there is no valid excuse for the delay in its enforcement apart from an unwillingness to participate. It would be interesting to understand the prioritisation of PSD2 Strong Customer Authentication as I’m aware that a number of financial services organisations viewed this as a business differentiator.”

“Whilst it is true that consumers will see minor changes to their day-to-day spending, the additional layer of security on higher value payments will enable consumers to benefit from safer and more innovative electronic payment services. The impact on consumers must not be overlooked by the lengthy delay in enforcement; Strong Customer Authentication will mean consumers are more confident when buying online – not act as a deterrent to sales as some have incorrectly suggested.”

Jason continues: “There are technologies in the market which have the potential to alleviate the challenges posed by the regulation. True multi-factor authentication solutions can facilitate financial services institutions enhancing consumer confidence and creating a secure experience whilst ensuring the customer has a frictionless user journey. Basing the digital authentication process on combining the customer’s own technology with an open biometric approach and true step-up intelligence, will allow financial institutions to meet the regulatory requirements sooner rather than later.”